CVSROOT: /cvs Module name: src Changes by: bl...@cvs.openbsd.org 2023/01/12 06:09:47
Modified files:
sys/net : pf.c
sys/netinet : tcp_input.c
Log message:
Binding the accept socket in TCP input relies on the fact that the
listen port is not bound to port 0. With a matching pf divert-to
rule this assumption is no longer true and could crash the kernel
with kassert. In both pf and stack drop TCP packets with destination
port 0 before they can do harm.
OK sashan@ claudio@
